3a6ddc9c146f68512978e3daf1446b51 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a6ddc9c146f68512978e3daf1446b51
Size

14KB
MD5

3a6ddc9c146f68512978e3daf1446b51
SHA1

204e3dad2e25e777875a797253eff028e3de0072
SHA256

a01ef9d334e1fefee0b5df1a4eb66271e427a56da807f45c19709a53ae36020d
SHA512

b5958b62a6261db3653ed72e5b30629cb3cc9d74772c47765aadb8d6034f9f07eef81f570b76343d3cf7bba58aff98f86ab7408c952e0531201dc41472ea5f7a
SSDEEP

192:P4ptNvPauB29yAtnyxaMGtKBPNY68a6DNtN1MwNr1UMfqXMHp1GrKlUQgcvC3G7c:o2dQgM8KnbEDtIrKd7vEGkIWmOA6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a6ddc9c146f68512978e3daf1446b51

Files

3a6ddc9c146f68512978e3daf1446b51
.exe windows:4 windows x86 arch:x86

34e1b375f9d50ec71cab3ea44b7e0190

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
Sleep
DeleteFileA
lstrcpyA
lstrcatA
GetCurrentProcess
SetFileAttributesW
WinExec
GetFileAttributesA
GetModuleHandleW
GetProcAddress
CloseHandle
ExitProcess
GetModuleHandleA
GetCommandLineA
CreateEventA
SetEvent
GetLastError
OpenProcess
GetShortPathNameA
GetEnvironmentVariableA
SetProcessPriorityBoost
SetThreadPriority
GetCurrentThread
SetPriorityClass
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
HeapFree
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery

user32

CharUpperA
MessageBoxA
ExitWindowsEx
wsprintfA

advapi32

RegDeleteValueA
RegOpenKeyExA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA

shell32

ShellExecuteExA

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE